Add checks for the EVP_MD_get_size() to avoid integer overflow and then explicitly cast from int to size_t.
Fixes: 45a845e40b ("Add EVP_DigestSign/EVP_DigestVerify support for DSA")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23948)
static size_t dsa_get_md_size(const PROV_DSA_CTX *pdsactx)
{
- if (pdsactx->md != NULL)
- return EVP_MD_get_size(pdsactx->md);
+ int md_size;
+
+ if (pdsactx->md != NULL) {
+ md_size = EVP_MD_get_size(pdsactx->md);
+ if (md_size <= 0)
+ return 0;
+ return (size_t)md_size;
+ }
return 0;
}